1 person found this helpful
I don't think Windows can detect if .air files are signed or not, but in the case of native installer, this is supported.
You can pass a certificate to sign the generated native installer in addition to the actual AIR application. This option is available via command-line ADT (sadly, not exposed in FB as this is win only).
Optionally, on Windows you can add a second set of signing options, indicated as [WINDOWS_INSTALLER_SIGNING_OPTIONS]
in the syntax listing. On Windows, in addition to signing the AIR file, you can sign the Windows Installer file. Use the same type of certificate and signing option syntax as you would for signing the AIR file (see ADT code signing options). You can use the same certificate to sign the AIR file and the installer file, or you can specify different certificates. When a user downloads a signed Windows Installer file from the web, Windows identifies the source of the file, based on the certificate
P.S: For more clarification regarding this, the AIR installation forum will be a better place: http://forums.adobe.com/community/air/installation?view=discussions&start=0
Thank you, I had attempted to use ADT since posting, but had overlooked the [WINDOWS_INSTALLER_SIGNING_OPTIONS].
Current state/Lessons learned:
Signed native installer published from FB with the windows SDK's signtool.
Used ADT to package signed AIR file into a (different) signed native installer (had to use a PFX* cert, the p12 did not work for some reason)
Sadly, while both are detected as signed applications by windows, but both are still flagged by our whitelisting software.
At least we know where to direct our complaints now!
* If you need to turn a p12 into a PFX (also required to use signtool): import the p12 into Internet Explorer (Internet Options-> Content-> Certificates in IE8), and simply export it again as a PFX.